Showing papers in "International Review of Law, Computers & Technology in 2009"

Agents, Trojans and tags: The next generation of investigators

Abstract: In a statement the Council of the European Union has recommended that member states should introduce clandestine remote searches of computers as a standard investigation method to combat cybercrime. At present, there is little analysis of the consequences such a development will have in the UK. The use of remote forensic software tools by law enforcement agencies has been, however, controversially discussed elsewhere and most notably in Germany where the Federal Constitutional Court had the opportunity to analyse the issue. This paper describes the use of this investigation method in Germany and analyses the reaction of the German and some other legal systems to give a first indication of the likely issues that its use in the UK will raise.

Children's data protection vs marketing companies

Abstract: The opportunity that the Internet represents for children is undeniable. The increasing amount of children's personal data collected online raises an issue balance: how to protect children's privacy without impeding the development of children's online opportunities. Businesses collect children's personal data in order to profile and target them. Aware of the risks such practices represent for children's data protection, the US Congress has legislated the Child Online Privacy Protection Act (the so-called 'COPPA') which became effective in April 2000. In Europe, the collection and use of personal data is covered by the 1995/46 European Directive which has the fundamental aim of protecting individual privacy. The Directive does not, however, distinguish between data subjects who are adults and those who are children: it provides no specific protection for children's privacy.This paper considers the different approaches adopted in the USA and in Europe with regard to children's online data protection. In parallel, it appears that soft law is used as a new tool to regulate children's privacy. Particular attention will be paid to soft law adopted in the UK and in France.

Protecting 'privacy' through control of 'personal' data processing: A flawed approach

Abstract: The development of a frontier-free internal market and of the so-called 'information society' have resulted in an increase in the flow of personal data between EU member states. To remove potential obstacles to such transfers, data protection legislation was introduced. One of the underpinning principles of Directive 95/46/EC is the protection of privacy. Yet, the legislation does not provide a conclusive understanding of the terms 'privacy' or 'private' data. Rather, privacy protection is to be achieved through the regulation of the conditions under which personal data may be processed. An assessment of whether, 10 years after the enactment of the Data Protection Act 1998 (DPA 1998), a coherent understanding of the concept of personal data exists, necessitated an analysis of the decisions in Durant v. FSA ([2003] EWCA Civ 1746) and CSA v. SIC ([2008] 1 WLR 1550, [2008] UKHL 47). Furthermore, in order to examine the effectiveness of the legislation, this article examines whether the term 'personal' is synonymous with the term 'private' data and whether control over processing of personal information protects privacy. By drawing on interviews with privacy and data protection experts, and from the findings of a survey of bloggers, it will be shown that a review of the assumptions and concepts underpinning the legislation is necessary.

Law shaping technology: Technology shaping the law

Abstract: Although the original Data Protection Act in the UK was 1984, it was really only with the 1998 Act that data protection ever raised a murmur in the public consciousness. Privacy is about our 'right to be let alone'. (Louis Brandeis) Protecting privacy is about protecting our sense of self. The question has been raised: 'What are sites such as Facebook doing to protect our data and our privacy?' Consider a politician who takes all steps including injunction to prevent newspapers printing pictures of his children in order to protect their privacy, yet sends out thousands of Christmas cards showing those children-is that privacy, or hypocrisy? Maybe social networking sites have no obligation to protect our data-at least insofar as we have chosen to make it publicly available on those sites. Should law and society protect such blogs as free speech or protect those mentioned therein from having their information and exploits retained in perpetuity? I have focussed here on some of the data protection and privacy issues which appear to me to merit consideration. If the purpose of legal protection is to encourage creators, how does a music industry company such as Sony or Universal owning all the copyrights facilitate this purpose? How should the monopoly rights of content owners be reconciled with the rights of users? Is DRM compatible with permitted use under copyright law? If breach of data protection law should be punishable by financial penalty, how should breach in the public sector be handled, given that any penalty would simply be recycled? Should ISPs be required to police IP rights-and if so how does this fit with privacy concerns?

The future of copyright in the age of convergence: Is a new approach needed for the new media world?

Abstract: In 2007 the European Commission finalised its proposals for replacing the Television without Frontiers Directive. The resultant Audiovisual Media Services Directive aims to provide a more suitable regulatory framework for the creative industries allowing it to benefit from the opportunities brought about by convergence. Convergence is the coming together of different technologies which have distinct functions to create one medium which performs each divergent function. The prime illustration of convergent technologies is arguably the coming together of telecommunications and broadcasting, through the internet and digital technology, so as to enable us to make voice telephony calls and watch television while sat at a computer. However, while convergence has created opportunities for the industry it has also created threats in that the same technology is also being used to infringe the copyright of content producers on a far greater scale. This is important as wide scale infringement may impact negatively on the creation of new works; as without protection from illegal copying the work has less economic value. It is argued that regardless of any other flaws the new Directive may have; its biggest weakness is not addressing the link between converged media platforms and the potential for increased copyright infringement. This work proceeds to evaluate whether the traditional approach to copyright protection is still the most suitable and whether in fact the arguments advanced in favour of this approach still have merit in the converged age. To this end an evaluation of a Creative Commons approach is provided in order to see whether this may have more advantages.

Is identity theft really theft

Abstract: This article continues the examination of the emergent legal concept of identity now clearly evident in the UK as a result of the Identity Cards Act 2006 (UK) and its consequences. In 'Conceptualising Identity' (International Review of Law, Computers and Technology 2, no. 3 (2007): 237), the author asserted that identity is emerging as a distinct, new legal concept and considered the composition and legal function of the new concept. This article builds on that study and uses the emergent concept of identity, particularly token identity, to analyse the nature and consequences of identity theft. Identity theft is defined using the concept of identity now evident in the UK and the article examines misuse by a person of another individual's registered token identity for a transaction. The article considers whether an individual's identity is property that is capable of being the subject of theft, having regard to the nature and function of the emergent concept of identity.

Civil society in Second Life

Abstract: The original premise of Second Life was that people really could have a second life They could be a postman or a shop clerk by day, but by night, they could be a DJ or a builder and earn a living People took this seriously and did just that to the extent of even quitting their day jobs The consequence of this is that the lives of the people in Second Life and the institutions they make are a type of civil society

Gambling on compliance with the new 2005 Act: Do organisations fulfil new regulations?

Abstract: Gambling is not a new phenomenon. Indeed gambling has been seen to be omnipresent throughout history and culture. However gambling has taken a new path. Online gambling is fast becoming a major pastime for many of society. The ease of access and convenience of play has led to an increase in the numbers of people gambling, and not just online. Within the increase of online gambling there has also been an increase in the regulation surrounding this industry. This paper explores the regulatory approach to online gambling within the UK. The researchers explore the Gambling Act 2005 (UK) and provide an empirical analysis of the UK major gambling organisation to determine what regulatory aspects they adopt and what safety measures they have in place to protect minors and to protect against financial crime. The researchers finally looks at policy implications for UK governments when regulating future online gambling.

Making intermediary Internet service providers participate in the regulatory process through tort law: A comparative analysis

Abstract: A decade after the adoption of the Communications Decency Act and the Digital Millennium Copyright Act on one side of the Atlantic and the European Directive 2000/31/EC on electronic commerce on the other side, one could have expected the role of intermediary Internet service providers (IISPs) to become clearer as regards their contribution to Internet regulation and, in particular, speech regulation. Truly, at the end of the 1990s 'self-regulation against tort law immunities' seemed to be the appropriate path to follow in order to subsidize the Information Technology and Technology industry, especially in systems where free speech is often a superseding value. Yet, such a trade-off has progressively appeared inappropriate from the perspective of victims, namely because of the growth of IISPs' regulatory capacities. This has become even more apparent with the emergence of web 2.0 applications. However, judges have not always drawn their inspiration from the originality of the regulatory models underlying the interventions of their respective legislators. This is true both within the USA and in France. This paper thus seeks to highlight the ways that the formalism of tort law has been 'instrumentalized' by the judiciary to further a particular paradigm of speech regulation in cyberspace, despite the legislative recognition of alternative paradigms.

Creative Commons: A business model for products nobody wants to buy

Abstract: In this paper the use of Creative Commons (CC) is questioned. That is done by concentrating on the following question: what is CC, in which circumstances is CC useful and what are its drawbacks? Does CC solve any problems or is there a need to change copyright laws and treaties to accommodate this use of copyright?

The right of reputation in the Internet era

Abstract: Protecting one's reputation has arguably become harder in this time of YouTube, ‘blogs’ and mobile phone cameras. The simple truth is that it is easier to get ‘caught’ doing something inappropriate and it is easier for people to publish defamatory materials. This article is a somewhat eclectic selection of issues of particular significance to the right of reputation in our modern Internet-based society.

Copyright, contract and the protection of computer programs

Abstract: The extent to which permitted acts under copyright law can be varied by contractual arrangement and conversely, the manner in which proprietary interests can override contrary stipulations expressed in a contractual agreement, collectively display something of the complexity facing software creators and acquirers when defining the scope of their rights and responsibilities towards each other. This paper explores the true scope of the rights granted to software users under existing legislation and considers the measures which a software creator may legitimately advance in order to vary that position. In so doing it is suggested how possible tensions between copyright and contract principles can be resolved and how a successful and suitably transparent agreement between the parties can be promoted.

Is it possible to define 'privacies' within the law? Reflections on the 'securitisation' debate and the interception of communications

Abstract: This article originates from the author's ongoing research into whether common factors that define 'privacy' may be identified and theorised. The research focuses on privacy in relation to the interception of communications. The rapid development over the past three decades of new technologies of surveillance raises a number of important questions about what is perceived as the shifting relationship between the citizen and the state. With the Information Commissioner and others to claim that modern British society is a 'surveillance society', and that the privacy of citizens is being sacrificed on the altar of 'security'. However, it is not the case that a commonly accepted definition of privacy exists. The paper outlines the methodology to identify the contingents that are present in debates over privacy. First, it considers the difficulties in trying to define privacy since Warren and Brandeis', 'The Right to Privacy', essay famous, and argues that the term 'privacy' does not convey a purposeful meaning in terms of the interception of communications. Second, it identifies factors which allow privacy to be understood as a form of personal power. These factors point not only to whether information itself should be private to an individual but to the contexts in which the information is obtained. It is not information per se that is the key factor but its context. Finally, it is argued that it may be possible to isolate the factors that will produce a definition of privacy in relation to the interception of communications by looking at each set of circumstances and asking certain key questions.

Technology and the cultural appropriation of music

Abstract: Technology, particularly recording technology, has for more than a century threatened the copyrights of composers, publishers and performers. Users armed with this technology have been given the means to record, copy and distribute the works of others. The response of rights holders has been to advocate the reiteration and expansion of their copyrights. The increased copyright regimes while going someway to protect the rights of composers, publishers and performers has also swept material from the public domain, so making it unavailable to other artists and follow-on creators. This process is referred to by Lessig as the locking down and appropriation of culture, a process that some argue will lead to a lack of diversity and choice. The folk song The Legend of Tom Dula (Dooley) is one of the best known examples of this appropriation. This song had been freely available to generations of folk singers until it was captured in a recording. The recording was transcribed and copyright was claimed, the song was no longer in the public domain. Whereas technology provides the reason to expand copyright, information technology and particularly the internet has spurned a number of initiatives that may lead to the freeing of content. The open source movement has been very successful in freeing and generating content; this movement has itself led to other related initiatives. One of these, the Creative Commons, provides a broad based solution which through a series of alternative licensing contracts allows rights holders to lessen their control on their content making it more available for others to use. This paper considers the interplay of music, technology and intellectual property. It considers how developments in information technology can now be used to offset the expansion of copyright. After reviewing some of these developments, particularly the Creative Commons, and considering evidence now analysed from a European wide survey of musicians and publishers completed in 2008, the paper concludes that these fixes, rooted in intellectual property, unfortunately offer little by way of solution. However technological solutions not so closely tied to intellectual property may offer more appropriate and workable solutions.

Online protection of the child within Europe

Abstract: This article discusses the online protection available to children and young people within Europe. Children and young people are significant users of information technology and they must be able and comfortable to safely use this technology. The European Union and the Council of Europe have been at the vanguard of attempts to regulate the information society in order to protect young netizens.

'Spam, spam, spam, spam... Lovely spam!' Why is Bluespam different?

Abstract: The sending of unsolicited communications (commonly known as 'spam') is considered as a great intrusion into the privacy of the user of electronic communications services, and is therefore regulated in Article 13 of the ePrivacy directive. At the time of the adoption of the directive, the most common ways of spamming were via telephone, fax, electronic mail and SMS. Technological progress, however, has since created more types of spamming, one of which is Bluespam, i.e. the action of sending spam to Bluetooth-enabled devices, such as mobile phones, PDAs or laptop computers. Although, at first sight, it would seem that Bluespam should be considered as any other type of spam, and would therefore fall under the ambit of Article 13 of the ePrivacy directive, a closer look reveals that the answer is in fact not so obvious.

Decentralised P2P technology: Can the unruly be ruled?

Abstract: Decentralised Peer to Peer (P2P) technology has added a significant challenge to the copyright domain. To address the problem the US court has added a third theory; namely inducement theory into the genre of secondary infringement. The aim of the article is to examine the prospect of implementing inducement theory into the UK context. However, after examining the current scenario this paper suggests that instead of adding a new theory into the domain of secondary infringement, the challenge of decentralised P2P technology should be addressed by way of device protection.

Aims, methods and achievements in European data protection1

Abstract: The protection of personal data represents one of recent most emerging legal issues. On one hand, the privacy and the discretion of individuals are challenged by various new means of data collection and communication. On the other hand, the growth and development of the information economy is heavily dependent on the level of freedom of business units in gathering, processing and distribution of various kinds of information. In this short notice, we will try to summarize the experience with the data protection laws with respect to their basic teleology.

The UK 2007-2008 data protection fiasco: Moving on from bad policy and bad law?

Abstract: A number of commentators were not surprised when the news broke in November 2007 that the personal data of 25 million UK citizens had been lost. This is because Information and Data Protection Commissioners around Europe had been meeting and comparing notes every year for a quarter of a century, during which period the lack of privacy culture in both public and private sector organisations had long been noted. This lack of privacy culture is exacerbated by data protection laws often setting up relatively toothless watchdogs. The UK was a classic example of the minimalist approach to data protection with the Commissioner being required to give prior notice of inspections. The UK Commissioner had long lamented that his organisation simply did not have the teeth to carry out inspections without warning. Following the November fiasco, the UK Commissioner received a commitment from Government that his powers would be increased but is this enough? This paper explores the limitations of law in such circumstances and especially how, even if the law is adequate, policy priorities or mistakes may be such so as to deny a data protection authority effective teeth through more bad law as well as inadequate funding for resources.

Investigating the legal protection of data, information and knowledge under the EU data protection regime

Abstract: Information science distinguishes between the semantic forms/intangibles of data, information and knowledge. Data (e.g. an attribute of a data record in a relational database) does not have any meaning by itself. Information is data brought into context (e.g. data related to its primary key), and knowledge is the collection of information for useful intent (e.g. a database). This paper investigates the mapping of semantic forms in information science (i.e. data, information, knowledge) to correlative concepts in information law (primarily data protection legislation) with a view to investigating how such semantic forms are legally protected. The paper first proposes a data, information, knowledge, rules (DIKR) hierarchy in the context of relational database theory, and interprets this hierarchy with respect to data protection concepts. The paper then gives an in-depth discussion of the elements of the DIKR hierarchy (data, information, knowledge, deduced knowledge, induced knowledge) and how they relate t...

The Public Domain: Enclosing the Commons of the Mind

Abstract: In his latest text, James Boyle provides a delightful and insightful introduction into the role and scope of intellectual property and the dangers faced in the information society by the continued encroachment of such rights. Articulate, witty and lucid the text pulls the reader effortlessly through a series of examples that illustrate the book’s central theme. That intellectual property maximalists who equate physical and intellectual property and so demand that IP proportionally increase as copying costs decrease, are wrong. Boyle’s mantra is that such state granted monopolies do not necessarily encourage innovation and creativity. ‘More rights will not necessarily produce more innovation.’ For Boyle empirical data, the role of public domain and the commons are all elements that need to be considered before the granting of such monopolies. Through a series of wide ranging examples Boyle, with effortless prose, takes the reader from the founding fathers view of intellectual property rights and monopolies, to the challenges of digital technology, the peer to peer revolution and the legislative responses and technological counter responses. He argues, although the is reluctant to apportion any blame, that intellectual property regimes have become too overarching and have reduced the scope for innovation and development, in this case innovation and development will only continue to be encouraged by some lesser intellectual property regimes and a bigger public domain. Boyd describes this process as the second enclosure movement, the enclosure of the intangible commons of the mind. His style belies the depth of arguments as he effortlessly leads the reader in chapter 8 to the solution, albeit as he himself admits, a second best solution, a creative commons. This is no surprise for Boyle has stood at the epicentre of the Free Culture Movement, for more than a decade ago since his text, Shamans, Software, and Spleens offered a framework for the place of law within the information society. Much has happened since then – of most relevance has been the attempt to create this creative commons through the Creative Commons Initiative. This book can be taken as an introduction, an easy read, but it can be much more, the detailed chapter notes placed at the back give an insight into the depth of research and materials available for the reader wishing to take the matters further. Some chapters however stand on their own, particularly Chapter 6 and the masterly analysis of Ray Charles’s song ‘I Got a Woman’. Others, for example Chapter 7 and the issues around patents, leave significant areas around open patents for the reader to explore elsewhere. The Public Domain will not necessarily provide anything new for those familiar with this area and with the previous work of Boyle but as an introduction to the field of intellectual property, information technology and policy the book has no equal and is a must read. In providing such an enticing and compelling read Boyle gives the impression of proving a

An uncomfortable marriage: The challenges 'new' technology is posing to 'old' or established legal concepts?

Abstract: BILETA 2008 ‘Law Shaping Technology; Technology Shaping the Law’ was organised at Glasgow Caledonian University by Michael Bromby and took as its main theme the security and privacy of personal information. The conference’s first keynote speaker, David Flint, a Partner in MacRoberts Technology Media & Communications Group, is an independent expert under the UK Domain Dispute Resolution Procedure. He tackled the conference theme head on. How can the right to free speech be reconciled with the right to privacy, particularly with the rise in social networking technologies and user generated content? Have for example sites such as Facebook and YouTube responded in a timely and effective manner to safeguard our data, while promoting our rights to free speech? The topics of information and privacy have featured regularly in the writings of legal scholars for over a century, not least because of ongoing debates and obscurities with regard to definitions and applications of the terms. This edition capturing several privacy-related papers from the conference, which go some way to meeting David’s challenge. One of the key hurdles in creating the law of privacy has been the disagreement of what constitutes an invasion of privacy and it is generally accepted that this is further dependant upon cultural, and other, perspectives. Karen McCullagh, in ‘Protecting “privacy” through control of “personal” data collection: A flawed approach’ acknowledges the absence of key definitions with regards to privacy, seeks to identify whether or not the term privacy is synonymous with the term personal (UK Data Protection Act 1998), and adopts empirical research to assist in determining this. McCullagh’s findings and discussion is important in demonstrating that an agreement upon a common ground of the invasion of privacy seems to exist. Continuing on the theme of definition within privacy, Dan Ritchie in ‘Is it possible to define “privacies” within the law? Reflections on the “securitisation” debate and the interception of communications’, considers privacy within the context of surveillance and the interception of communications. The definition of privacy is reviewed with an emphasis on informational privacy, providing an interesting account on how the public perception of what is private can differ in context of modern technology. Richie puts forward his own questions that should be addressed to further the debate on privacy, and in so doing proposes that individual approval or disapproval is the crux of personal feelings of privacy. Issues affecting children are generally high on most agendas and privacy is no different. In her paper Emmanuelle Bartoli performs a comparative analysis of the provisions in place